Linux desktop gamers should know of a bug in Valve's Steam client that will, if you're not careful, delete all files on your PC belonging to your regular user account....The issue was traced to a shell script variable that's supposed to contain a filesystem path, but can end up empty if Steam's files are moved or missing, and is passed as an argument to rm -rf.

Soon to be fixed no doubt - but still something to be aware of until it is. Full article here.

There's nothing intrinsically wrong with rm -rf/. It's just one more command. The same as rd /s/Q in Windows. It can be a handy way of cleaning out a lot of unneeded directories and files provided you know (a) exactly what you want to accomplish; and (b) exactly how the command actually works.

In this case, not having the '$STEAMROOT' directory where it was expected to be was the same as invoking the command with a wildcard. So instead of purging a specific directory, having a null value for $STEAMROOT meant the shell interpreter blew past it and went straight to / as its next valid criteria. Booyah! And blammo too!

I'm amazed whoever put that command in a script didn't realize that could happen. Especially since rm -rf/* is one of the first "killer commands Linux users learn and repeatedly get warned about. My guess is that whoever did this is probably a Windows programmer by trade. Windows has some built-in safeguards when you run the rd command. That, however, is not the case in Linux, which assumes you know what you're doing when issuing commands within a terminal session.

I'm amazed whoever put that command in a script didn't realize that could happen. Especially since rm -rf/* is one of the first "killer commands Linux users learn and repeatedly get warned about. My guess is that whoever did this is probably a Windows programmer by trade. Windows has some built-in safeguards when you run the rd command. That, however, is not the case in Linux, which assumes you know what you're doing when issuing commands within a terminal session.

Valve isn't a three man op - they have a few bucks to their name. So I'd think if they write Linux code, they'd presumably get a decently skilled Linux coder who is aware of the basics like this. Or if they have to have a "Windows programmer by trade" write the bulk of the code, they'd at least get a Linux guy to eyeball it for sanity.

I'm particularly disturbed that it was labeled "scary" - to me, that seems like something is missing from the programming "story", especially as you remarked how basic of an issue this is, this being in people's top lists of scary commands to be really careful of. I can't imagine anything I'd do for work that I'd notice as "scary", then ... not check it with a boss! Notice especially it's work, for a big company, not some well meaning guy just trying to write a nice little utility and getting it wrong. And the severity of what can go wrong is also a red flag for me.

^Well...it happened. Not much else we can say about it since we could only speculate endlessly as to why it happened. Somebody screwed up or wasn't thinking clearly. That's the centerpiece problem at the heart of everything from space shuttle explosions to checking account overdrafts.